8 matches found
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
GHSA-8P2P-P8MG-X3CW Insight API transaction broadcast endpoint can result in Full Path Disclosure
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
@joshyzou/sendcrypto (>=1.0.0 <=1.0.2), accept-bitcoin (>=0.0.6 <=0.0.9) +14 more potentially affected by CVE-2018-1000023 via insight-api (=0.4.3)
insight-api NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on insight-api and may be impacted: - @joshyzou/sendcrypto =1.0.0, =0.0.6, =0.0.1, =4.0.0, =1.1.1, =4.1.0, =0.0.1, =4.1.1, =0.5.1, =0.8.7 and more Source cves: CVE-2018-1000023...
Input validation
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
CVE-2018-1000023
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
CVE-2018-1000023
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
CVE-2018-1000023
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...
CVE-2018-1000023
Summary: Bitpay/Insight-api’s Insight-api (versions ≤ 5.0.0) contains a CWE-20 input validation vulnerability in the transaction broadcast endpoint that can disclose full filesystem paths. The issue is described as exploitable via a Web request. The affected product is Bitpay/Insight-api Insight-...